Setting up Native Access Control

This section describes basic tasks associated with setting up native access control. Native access control provides authenticated
access for both Java-based and non-Java applications. However, if you plan
to deploy Java web applications, you can leverage the benefits of Java-based
security realms. The various aspects of Java security constraints are outside the scope of this guide
but are discussed in detail in the Sun Java System Web Server 6.1 Programmer’s
Guide to Web Applications.

Consider that you want to allow access to all files under /hr/publish/manager to a user named “manager” at Acme Corp. To use user-based
access control (in addition to host-based access control), create a directory service

Since you use you first need to .

To create a directory service

A directory service allows you to authenticate and authorize users
and groups. You can configure a directory service in one of the following
ways:

Set up user information in a file

Obtain user information from an LDAP server

In this example, we will set up user information in a file.

Access the Administration Server and choose the Global Settings
tab.

Click the Configure Directory Service link.

From the Create New Service of Type drop-down list, choose Key File as the type of directory service. This is a text file
that contains the user’s password and the list of groups to which the
user belongs.

Figure 3–1 Creating New Directory Service Type

Click New.

Specify keyfile1 as the Directory Service ID
and HRAuthFile as the name of the file, as shown below:

Figure 3–2 Configuring Directory Service Type

Click Save Changes.

Restart the server for the changes to take effect.

To add a user

We start by creating a user ID called “manager.” This
represents the person who needs access to all the files in /hr/publish/manager.

Access the Administration Server and choose the Users & Groups
tab.

Click New User.

Select “HRAuthFile” from the Select Directory service
drop-down list and click Select.

Enter the required information, as shown below:

Figure 3–3 Creating a New User

Click Create User.

A new user is added to the file: HRAuthFile.

Next, we need to associate our virtual
server, hr.acme.com, with the directory service we’ve
created.

To specify a directory service for a virtual server

Access the Virtual Server Manager and click the Settings link
to display the Settings page for the virtual server, hr.acme.com.